In this blog post, I'm going to show you the manual approach I used to generate a text-based representation of the executed instructions of VMProtect (I've only studied devirtualizeme32_vmp_3.0.9_v2) for a specific function (or code portion?). The first step was to manually create a file containing all YARA rules for all handlers; this will allow us to automatically detect a specific handler and classify it. The automatic handler detection step is essential because it will allow you to save some time when you are dealing with targets, but that approach is not guaranteed to work for every target, because of the (unique?) algorithm used to decrypt the bytecode (that …

It's been a long time since I wrote a blog post, but now I'm releasing a crack for 010 Editor v7.0.2 (x64). I mainly used WinDbg for this operation because it is a stable debugger, even if using it is like a pain in the ass.

Please make sure that the original assembly without the patch (010Editor.exe) has SHA1: aacac5f44623b1ae676757dda2fc38bfa54fc795

A few days ago I noticed that some people created a platform for CTF challenges that turned out to be very interesting. It looks like the author is attracted to the kernel ring rather than the user-land ring, and I exploited that opportunity to learn more about Windows drivers, which is something you can say I am doing for the first time.
I suggest you try those challenges and try to solve them, and I hope that you will enjoy them, specifically the RE challenges.